|Summary:||Regression in cache-control headers for requests with security-constraints|
|Product:||Tomcat 7||Reporter:||Michael Zampani <zampani>|
|Component:||Catalina||Assignee:||Tomcat Developers Mailing List <dev>|
|Attachments:||Patch to revert isSecure() check|
Description Michael Zampani 2011-08-23 20:55:25 UTC
Created attachment 27428 [details] Patch to revert isSecure() check Copied from http://markmail.org/thread/rlkpd3hqihc3zbji CLN 1126273 http://svn.apache.org/viewvc?view=revision&revision=1126273 sets the default value for securePagesWithPragma to false, but also (re)added a request.isSecure() check to the block for adding the cache-control headers. This results in the headers not being added for secure requests with security-constraints. This is a change in behavior from Tomcat-7.0.14 that causes IE8 to improperly cache some secure pages. The secure check was initially added in CLN 287690 http://svn.apache.org/viewvc?view=revision&revision=287690 to fix a bug in IE caching https://issues.apache.org/bugzilla/show_bug.cgi?id=6641 but was commented out in CLN 302373 http://svn.apache.org/viewvc?view=revision&revision=302373 patch to remove isSecure() check added.
Comment 1 Mark Thomas 2011-08-29 14:43:15 UTC
Thanks for the patch. This has been applied to 7.0.x and will be included in 7.0.21 onwards.